teleportation-cli 1.1.1 → 1.1.3

package/.claude/hooks/permission_request.mjs

@@ -330,6 +330,30 @@ const fetchJson = async (url, opts) => {
 
       if (status.status === 'denied') {
         log('Remote approval: DENIED');
+        // Log tool_denied event to timeline
+        try {
+          await fetchJson(`${RELAY_API_URL}/api/timeline`, {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'Authorization': `Bearer ${RELAY_API_KEY}`
+            },
+            body: JSON.stringify({
+              session_id,
+              type: 'tool_denied',
+              data: {
+                tool_name,
+                tool_input: tool_input || {},
+                reason: status.decision_reason || 'Denied remotely via Teleportation',
+                approval_id: approvalId,
+                timestamp: Date.now()
+              }
+            })
+          });
+          log(`Logged tool_denied event for ${tool_name}`);
+        } catch (e) {
+          log(`Failed to log tool_denied: ${e.message}`);
+        }
         const out = {
           hookSpecificOutput: {
             hookEventName: 'PermissionRequest',

package/.claude/hooks/post_tool_use.mjs

@@ -102,6 +102,62 @@ const fetchJson = async (url, opts) => {
     log(`Failed to clear pending approvals: ${e.message}`);
   }
 
+  // Detect if this tool execution resulted in an error
+  const hasError = (() => {
+    if (!tool_output) return false;
+    // Check for is_error flag
+    if (tool_output?.is_error) return true;
+    // Check for error property
+    if (tool_output?.error) return true;
+    // Check for common error patterns in string output
+    if (typeof tool_output === 'string') {
+      const lower = tool_output.toLowerCase();
+      return lower.includes('error:') || lower.includes('exception:') || lower.includes('failed:');
+    }
+    // Check for stderr content
+    if (tool_output?.stderr && tool_output.stderr.trim()) return true;
+    return false;
+  })();
+
+  const outputPreview = (() => {
+    if (!tool_output) return null;
+    try {
+      const stringified = JSON.stringify(tool_output);
+      const truncated = stringified.slice(0, TIMELINE_OUTPUT_PREVIEW_MAX_LENGTH);
+      return stringified.length > TIMELINE_OUTPUT_PREVIEW_MAX_LENGTH ? truncated + '...' : truncated;
+    } catch (e) {
+      return '[Unserializable output]';
+    }
+  })();
+
+  // If there's an error, log a separate tool_error event for visibility
+  if (hasError) {
+    try {
+      const errorMessage = tool_output?.error || tool_output?.stderr || 
+        (typeof tool_output === 'string' ? tool_output.slice(0, 500) : 'Tool execution failed');
+      await fetchJson(`${RELAY_API_URL}/api/timeline`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${RELAY_API_KEY}`
+        },
+        body: JSON.stringify({
+          session_id,
+          type: 'tool_error',
+          data: {
+            tool_name,
+            tool_input,
+            error: typeof errorMessage === 'string' ? errorMessage.slice(0, 1000) : JSON.stringify(errorMessage).slice(0, 1000),
+            timestamp: Date.now()
+          }
+        })
+      });
+      log(`Logged tool_error event for ${tool_name}`);
+    } catch (e) {
+      log(`Failed to log tool_error: ${e.message}`);
+    }
+  }
+
   // Record tool execution to timeline
   try {
     await fetchJson(`${RELAY_API_URL}/api/timeline`, {
@@ -116,21 +172,13 @@ const fetchJson = async (url, opts) => {
         data: {
           tool_name,
           tool_input,
+          has_error: hasError,
           // Include truncated output for context
-          tool_output_preview: (() => {
-            if (!tool_output) return null;
-            try {
-              const stringified = JSON.stringify(tool_output);
-              const truncated = stringified.slice(0, TIMELINE_OUTPUT_PREVIEW_MAX_LENGTH);
-              return stringified.length > TIMELINE_OUTPUT_PREVIEW_MAX_LENGTH ? truncated + '...' : truncated;
-            } catch (e) {
-              return '[Unserializable output]';
-            }
-          })()
+          tool_output_preview: outputPreview
         }
       })
     });
-    log(`Recorded tool execution: ${tool_name}`);
+    log(`Recorded tool execution: ${tool_name}${hasError ? ' (with error)' : ''}`);
   } catch (e) {
     log(`Failed to record to timeline: ${e.message}`);
   }

package/.claude/hooks/pre_tool_use.mjs

@@ -319,7 +319,7 @@ const fetchJson = async (url, opts) => {
       // Log model change to timeline
       if (RELAY_API_URL && RELAY_API_KEY) {
         try {
-          await fetch(`${RELAY_API_URL}/api/timeline/log`, {
+          await fetch(`${RELAY_API_URL}/api/timeline`, {
             method: 'POST',
             headers: {
               'Content-Type': 'application/json',
@@ -327,7 +327,7 @@ const fetchJson = async (url, opts) => {
             },
             body: JSON.stringify({
               session_id,
-              event_type: 'model_changed',
+              type: 'model_changed',
               data: {
                 previous_model: lastModel,
                 new_model: meta.current_model,
@@ -393,6 +393,32 @@ const fetchJson = async (url, opts) => {
     }
   }
 
+  // 3. Log tool_use event to timeline (before execution)
+  // This shows what Claude is attempting to do
+  if (session_id && RELAY_API_URL && RELAY_API_KEY && tool_name) {
+    try {
+      await fetch(`${RELAY_API_URL}/api/timeline`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${RELAY_API_KEY}`
+        },
+        body: JSON.stringify({
+          session_id,
+          type: 'tool_use',
+          data: {
+            tool_name,
+            tool_input: tool_input || {},
+            timestamp: Date.now()
+          }
+        })
+      });
+      log(`Logged tool_use event for ${tool_name}`);
+    } catch (e) {
+      log(`Failed to log tool_use: ${e.message}`);
+    }
+  }
+
   // Check for pending results from daemon execution
   if (session_id && RELAY_API_URL && RELAY_API_KEY && CONTEXT_DELIVERY_ENABLED) {
     try {
@@ -463,6 +489,29 @@ const fetchJson = async (url, opts) => {
 
   if (tool_input.__teleportation_away) {
     await updateSessionState({ is_away: true });
+    // Log away_mode_changed event to timeline
+    if (RELAY_API_URL && RELAY_API_KEY) {
+      try {
+        await fetch(`${RELAY_API_URL}/api/timeline`, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${RELAY_API_KEY}`
+          },
+          body: JSON.stringify({
+            session_id,
+            type: 'away_mode_changed',
+            data: {
+              is_away: true,
+              timestamp: Date.now()
+            }
+          })
+        });
+        log(`Logged away_mode_changed (away=true) to timeline`);
+      } catch (e) {
+        log(`Failed to log away_mode_changed: ${e.message}`);
+      }
+    }
     const out = {
       hookSpecificOutput: {
         hookEventName: 'PreToolUse',
@@ -477,6 +526,29 @@ const fetchJson = async (url, opts) => {
 
   if (tool_input.__teleportation_back) {
     await updateSessionState({ is_away: false });
+    // Log away_mode_changed event to timeline
+    if (RELAY_API_URL && RELAY_API_KEY) {
+      try {
+        await fetch(`${RELAY_API_URL}/api/timeline`, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${RELAY_API_KEY}`
+          },
+          body: JSON.stringify({
+            session_id,
+            type: 'away_mode_changed',
+            data: {
+              is_away: false,
+              timestamp: Date.now()
+            }
+          })
+        });
+        log(`Logged away_mode_changed (away=false) to timeline`);
+      } catch (e) {
+        log(`Failed to log away_mode_changed: ${e.message}`);
+      }
+    }
     const out = {
       hookSpecificOutput: {
         hookEventName: 'PreToolUse',

package/.claude/hooks/session_end.mjs

@@ -202,6 +202,35 @@ const readStdin = () => new Promise((resolve, reject) => {
       is_away: false,
       stopped_reason: 'session_end'
     });
+    
+    // Log session_end event to timeline
+    if (RELAY_API_URL && RELAY_API_KEY) {
+      try {
+        await fetch(`${RELAY_API_URL}/api/timeline`, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${RELAY_API_KEY}`
+          },
+          body: JSON.stringify({
+            session_id,
+            type: 'session_end',
+            data: {
+              reason: 'normal_exit',
+              timestamp: Date.now()
+            }
+          })
+        });
+        if (env.DEBUG) {
+          console.error(`[SessionEnd] Logged session_end event to timeline`);
+        }
+      } catch (e) {
+        // Non-critical - don't block session end
+        if (env.DEBUG) {
+          console.error(`[SessionEnd] Failed to log session_end event: ${e.message}`);
+        }
+      }
+    }
   }
 
   // Deregister session with daemon

package/.claude/hooks/user_prompt_submit.mjs

@@ -74,6 +74,33 @@ const fetchJson = async (url, opts) => {
             },
             body: JSON.stringify({ is_away: desiredAway })
           });
+          
+          // Log away_mode_changed event to timeline (only for explicit /away or /back commands)
+          // Don't log for implicit "back" when user submits a regular prompt
+          if (lowered === '/away' || lowered === 'teleportation away' || 
+              lowered === '/back' || lowered === 'teleportation back') {
+            try {
+              await fetch(`${RELAY_API_URL}/api/timeline`, {
+                method: 'POST',
+                headers: {
+                  'Content-Type': 'application/json',
+                  'Authorization': `Bearer ${RELAY_API_KEY}`
+                },
+                body: JSON.stringify({
+                  session_id,
+                  type: 'away_mode_changed',
+                  data: {
+                    is_away: desiredAway,
+                    source: 'user_prompt',
+                    timestamp: Date.now()
+                  }
+                })
+              });
+              log(`Logged away_mode_changed (away=${desiredAway}) to timeline`);
+            } catch (timelineErr) {
+              log(`Failed to log away_mode_changed: ${timelineErr.message}`);
+            }
+          }
         }
       } catch (e) {
         // Always log failures to hook log file for debugging (not just in DEBUG mode)
@@ -114,7 +141,7 @@ const fetchJson = async (url, opts) => {
         const RELAY_API_KEY = config.relayApiKey;
 
         if (RELAY_API_URL && RELAY_API_KEY) {
-          await fetch(`${RELAY_API_URL}/api/timeline/log`, {
+          await fetch(`${RELAY_API_URL}/api/timeline`, {
             method: 'POST',
             headers: {
               'Content-Type': 'application/json',
@@ -122,7 +149,7 @@ const fetchJson = async (url, opts) => {
             },
             body: JSON.stringify({
               session_id,
-              event_type: 'model_change_requested',
+              type: 'model_change_requested',
               data: {
                 command: prompt,
                 timestamp: Date.now()

package/lib/config/manager.js

@@ -10,6 +10,21 @@ import { homedir } from 'os';
 
 const DEFAULT_CONFIG_PATH = join(homedir(), '.teleportation', 'config.json');
 
+/**
+ * Configuration keys that cannot be modified by users.
+ * These are managed exclusively by system commands (login, setup).
+ *
+ * Protected keys:
+ * - relay.url: Managed by 'teleportation login'
+ * - relay.apiKey: Managed by 'teleportation login' (not in config, but protected for consistency)
+ *
+ * @type {Set<string>}
+ */
+const PROTECTED_KEYS = new Set([
+  'relay.url',
+  'relay.apiKey', // Not in config file currently, but protected for future
+]);
+
 // Default configuration
 const DEFAULT_CONFIG = {
   relay: {
@@ -142,6 +157,54 @@ function getNestedValue(obj, path) {
   return path.split('.').reduce((current, key) => current?.[key], obj);
 }
 
+/**
+ * Set nested value in object using dot notation
+ * @param {Object} obj - Object to modify
+ * @param {string} path - Dot-notation path (e.g., 'relay.url')
+ * @param {any} value - Value to set
+ */
+function setNestedValue(obj, path, value) {
+  const parts = path.split('.');
+  const lastPart = parts.pop();
+  let current = obj;
+
+  for (const part of parts) {
+    if (!current[part] || typeof current[part] !== 'object') {
+      current[part] = {};
+    }
+    current = current[part];
+  }
+
+  current[lastPart] = value;
+}
+
+/**
+ * Check if a configuration key is protected from user modification.
+ *
+ * @param {string} key - Configuration key to check
+ * @returns {boolean} True if key is protected
+ *
+ * @example
+ * isProtectedKey('relay.url'); // true
+ * isProtectedKey('notifications.sound'); // false
+ * isProtectedKey('relay.url.custom'); // true (prefix match)
+ */
+function isProtectedKey(key) {
+  // Check exact match
+  if (PROTECTED_KEYS.has(key)) {
+    return true;
+  }
+
+  // Check prefix match (e.g., 'relay.url.custom' matches 'relay.url')
+  for (const protectedKey of PROTECTED_KEYS) {
+    if (key.startsWith(protectedKey + '.')) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 /**
  * Auto-fix common configuration issues
  */
@@ -204,14 +267,57 @@ async function loadConfig() {
 
 
 /**
- * Save configuration
+ * Save configuration with protection against unauthorized changes.
+ *
+ * Validates that protected keys have not been modified before saving.
+ * This prevents bypassing protection via config edit.
+ *
+ * @param {Object} config - Configuration object to save
+ * @throws {Error} If any protected keys have been modified
  */
 async function saveConfig(config) {
   await mkdir(dirname(DEFAULT_CONFIG_PATH), { recursive: true });
-  
+
+  // Load existing config to check for protected key changes
+  let existingConfig;
+  try {
+    const content = await readFile(DEFAULT_CONFIG_PATH, 'utf8');
+    existingConfig = JSON.parse(content);
+  } catch (e) {
+    if (e.code !== 'ENOENT') {
+      // If file exists but we can't read it, re-throw
+      throw e;
+    }
+    // File doesn't exist yet, so no protected keys to check
+    existingConfig = null;
+  }
+
+  // If existing config exists, validate protected keys haven't changed
+  if (existingConfig) {
+    const violations = [];
+
+    for (const protectedKey of PROTECTED_KEYS) {
+      const existingValue = getNestedValue(existingConfig, protectedKey);
+      const newValue = getNestedValue(config, protectedKey);
+
+      // Only check if key exists in existing config
+      if (existingValue !== undefined && JSON.stringify(existingValue) !== JSON.stringify(newValue)) {
+        violations.push(protectedKey);
+      }
+    }
+
+    if (violations.length > 0) {
+      throw new Error(
+        `Cannot modify protected configuration key${violations.length > 1 ? 's' : ''}: ${violations.join(', ')}. ` +
+        `These settings are managed by 'teleportation login'. ` +
+        `For help, run: teleportation login --help`
+      );
+    }
+  }
+
   // Merge with defaults
   const merged = deepMerge(DEFAULT_CONFIG, config);
-  
+
   // Save as JSON for now (easier to parse)
   await writeFile(
     DEFAULT_CONFIG_PATH,
@@ -267,40 +373,45 @@ async function getConfigValue(path) {
 }
 
 /**
- * Set a config value by dot-notation path
+ * Set a config value by dot-notation path.
+ *
+ * @param {string} path - Configuration key (dot-notation path, e.g., 'relay.timeout')
+ * @param {any} value - Value to set
+ * @throws {Error} If key is protected or path is invalid
+ *
+ * @example
+ * // This works:
+ * await setConfigValue('notifications.sound', true);
+ *
+ * // This throws:
+ * await setConfigValue('relay.url', 'http://example.com');
+ * // Error: Cannot modify protected configuration key 'relay.url'
  */
 async function setConfigValue(path, value) {
+  // FIRST: Check if key is protected (library-level security)
+  if (isProtectedKey(path)) {
+    throw new Error(
+      `Cannot modify protected configuration key '${path}'. ` +
+      `This setting is managed by 'teleportation login'. ` +
+      `For help, run: teleportation login --help`
+    );
+  }
+
   // Validate path doesn't contain dangerous properties (prototype pollution protection)
   if (path.includes('__proto__') || path.includes('constructor') || path.includes('prototype')) {
     throw new Error('Invalid config path: cannot contain __proto__, constructor, or prototype');
   }
-  
+
   // Validate path format (only alphanumeric, dots, underscores, hyphens)
   if (!/^[a-zA-Z0-9._-]+$/.test(path)) {
     throw new Error('Invalid config path format: only alphanumeric characters, dots, underscores, and hyphens allowed');
   }
-  
+
   const config = await loadConfig();
-  const parts = path.split('.');
-  const lastPart = parts.pop();
-  let current = config;
-  
-  // Navigate/create nested objects
-  for (const part of parts) {
-    // Additional validation for each part
-    if (part.includes('__proto__') || part.includes('constructor') || part.includes('prototype')) {
-      throw new Error(`Invalid config path part: ${part}`);
-    }
-    
-    if (!current[part] || typeof current[part] !== 'object') {
-      current[part] = {};
-    }
-    current = current[part];
-  }
-  
-  // Set the value
-  current[lastPart] = value;
-  
+
+  // Use helper function to set nested value
+  setNestedValue(config, path, value);
+
   await saveConfig(config);
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "teleportation-cli",
-  "version": "1.1.1",
+  "version": "1.1.3",
   "description": "Remote approval system for Claude Code - approve AI coding changes from your phone",
   "type": "module",
   "main": "teleportation-cli.cjs",
@@ -60,6 +60,7 @@
     "vitest": "^4.0.9"
   },
   "dependencies": {
+    "@rollup/rollup-darwin-x64": "^4.54.0",
     "dotenv": "^17.2.3"
   }
 }

package/teleportation-cli.cjs

@@ -7,7 +7,7 @@ const path = require('path');
 const { execSync } = require('child_process');
 const os = require('os');
 
-const CLI_VERSION = '1.1.0';
+const CLI_VERSION = '1.1.3';
 const HOME_DIR = os.homedir();
 // Teleportation project directory (for development)
 // In production, hooks will be installed globally
@@ -1894,7 +1894,7 @@ async function commandConfig(args) {
       
       if (!key || valueStr === undefined) {
         console.log(c.red('❌ Error: Please specify key and value\n'));
-        console.log(c.cyan('Example: teleportation config set relay.url http://example.com:3030\n'));
+        console.log(c.cyan('Example: teleportation config set notifications.sound true\n'));
         return;
       }
       
@@ -1909,9 +1909,15 @@ async function commandConfig(args) {
         else if (/^\d+$/.test(valueStr)) value = parseInt(valueStr, 10);
         else if (/^\d+\.\d+$/.test(valueStr)) value = parseFloat(valueStr);
       }
-      
-      await setConfigValue(key, value);
-      console.log(c.green(`✅ Set ${key} = ${JSON.stringify(value)}\n`));
+
+      // Set config value with proper error handling
+      try {
+        await setConfigValue(key, value);
+        console.log(c.green(`✅ Set ${key} = ${JSON.stringify(value)}\n`));
+      } catch (error) {
+        console.log(c.red(`❌ ${error.message}\n`));
+        return;
+      }
       
     } else if (subcommand === 'edit') {
       const editor = process.env.EDITOR || 'vi';
@@ -2747,99 +2753,142 @@ async function commandInstallHooks() {
   // Step 3: Update settings.json
   console.log(c.yellow('Step 3: Updating Claude Code settings...\n'));
 
-  // Safely quote paths - JSON.stringify escapes special chars to prevent command injection
-  const quotePath = (p) => JSON.stringify(p);
-  
-  const hooksConfig = {
-    PreToolUse: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'pre_tool_use.mjs'))}`
-      }]
-    }],
-    PostToolUse: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'post_tool_use.mjs'))}`
-      }]
-    }],
-    PermissionRequest: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'permission_request.mjs'))}`
-      }]
-    }],
-    Stop: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'stop.mjs'))}`
-      }]
-    }],
-    SessionStart: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'session_start.mjs'))}`
-      }]
-    }],
-    SessionEnd: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'session_end.mjs'))}`
-      }]
-    }],
-    Notification: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'notification.mjs'))}`
-      }]
-    }],
-    UserPromptSubmit: [{
-      matcher: ".*",
-      hooks: [{
-        type: "command",
-        command: `node ${quotePath(path.join(globalHooksDir, 'user_prompt_submit.mjs'))}`
+  try {
+    // Use SettingsManager for proper hook management
+    const settingsManagerPath = path.join(TELEPORTATION_DIR, 'lib', 'settings', 'manager.js');
+    const { SettingsManager } = await import('file://' + settingsManagerPath);
+    const settingsManager = new SettingsManager(globalSettings);
+
+    // Remove ALL existing Teleportation hooks (regardless of path)
+    // This prevents accumulation of hooks from different installation locations
+    const removeResult = await settingsManager.removeTeleportationHooks();
+    if (removeResult.hooksRemoved > 0) {
+      console.log(c.cyan(`  Removed ${removeResult.hooksRemoved} existing Teleportation hook(s)\n`));
+    }
+
+    // Add new hooks pointing to global hooks directory
+    const addResult = await settingsManager.addHooks(globalHooksDir);
+    console.log(c.green(`  ✅ Added ${addResult.hooksAdded} hook(s) to settings\n`));
+
+    // Deduplicate in case there are any remaining duplicates
+    const dedupeResult = await settingsManager.deduplicate();
+    if (dedupeResult.duplicatesRemoved > 0) {
+      console.log(c.cyan(`  Removed ${dedupeResult.duplicatesRemoved} duplicate hook(s)\n`));
+    }
+  } catch (e) {
+    console.log(c.red(`  ❌ Failed to update settings: ${e.message}\n`));
+
+    try {
+      // Fallback to manual merge if SettingsManager fails
+      console.log(c.yellow('  Attempting fallback method...\n'));
+
+    const quotePath = (p) => JSON.stringify(p);
+
+    const hooksConfig = {
+      PreToolUse: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'pre_tool_use.mjs'))}`
+        }]
+      }],
+      PostToolUse: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'post_tool_use.mjs'))}`
+        }]
+      }],
+      PermissionRequest: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'permission_request.mjs'))}`
+        }]
+      }],
+      Stop: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'stop.mjs'))}`
+        }]
+      }],
+      SessionStart: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'session_start.mjs'))}`
+        }]
+      }],
+      SessionEnd: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'session_end.mjs'))}`
+        }]
+      }],
+      Notification: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'notification.mjs'))}`
+        }]
+      }],
+      UserPromptSubmit: [{
+        matcher: ".*",
+        hooks: [{
+          type: "command",
+          command: `node ${quotePath(path.join(globalHooksDir, 'user_prompt_submit.mjs'))}`
+        }]
       }]
-    }]
-  };
+    };
 
-  try {
     let existingSettings = {};
-    
+
     // Load existing settings if present
     if (fs.existsSync(globalSettings)) {
       try {
         const content = fs.readFileSync(globalSettings, 'utf8');
         existingSettings = JSON.parse(content);
         console.log(c.cyan('  Found existing settings, merging...\n'));
-      } catch (e) {
+      } catch (err) {
         console.log(c.yellow(`  ⚠️  Could not parse existing settings, creating new...\n`));
       }
     }
 
-    // Merge hooks intelligently - preserve user hooks, avoid duplicates
+    // Load isTeleportationHook pattern for filtering
+    let isTeleportationHook;
+    try {
+      const settingsManagerPath = path.join(TELEPORTATION_DIR, 'lib', 'settings', 'manager.js');
+      const settingsModule = await import('file://' + settingsManagerPath);
+      isTeleportationHook = settingsModule.isTeleportationHook;
+    } catch (err) {
+      // Log the specific error for debugging
+      console.log(c.yellow(`  ⚠️  Could not load SettingsManager: ${err.message}`));
+      console.log(c.yellow('  Using simplified hook detection pattern\n'));
+
+      // More robust fallback pattern matching the regex in SettingsManager
+      // Matches: .claude/hooks/(pre_tool_use|post_tool_use|permission_request|stop|session_start|session_end|notification|user_prompt_submit).mjs
+      isTeleportationHook = (cmd) => {
+        if (!cmd || typeof cmd !== 'string') return false;
+        return /\.claude\/hooks\/(pre_tool_use|post_tool_use|permission_request|stop|session_start|session_end|notification|user_prompt_submit)\.mjs/.test(cmd);
+      };
+    }
+
+    // Merge hooks - preserve NON-teleportation user hooks, remove ALL teleportation hooks
     const mergeHookArrays = (existing, incoming) => {
       if (!existing || !Array.isArray(existing)) return incoming;
       if (!incoming || !Array.isArray(incoming)) return existing;
-      
-      // Get commands from incoming hooks to check for duplicates
-      const incomingCommands = new Set(
-        incoming.flatMap(h => (h.hooks || []).map(hh => hh.command))
-      );
-      
-      // Filter out existing hooks that have the same command (will be replaced)
-      const filteredExisting = existing.filter(h => 
-        !(h.hooks || []).some(hh => incomingCommands.has(hh.command))
-      );
-      
-      // Combine: existing (non-duplicate) + incoming (teleportation hooks)
-      return [...filteredExisting, ...incoming];
+
+      // Filter out ALL teleportation hooks (regardless of path)
+      const nonTeleportationHooks = existing.filter(matcher => {
+        if (!matcher.hooks || !Array.isArray(matcher.hooks)) return true;
+        // Keep matcher only if it has non-teleportation hooks
+        return !matcher.hooks.every(h => h.command && isTeleportationHook(h.command));
+      });
+
+      // Combine: existing (non-teleportation) + incoming (new teleportation hooks)
+      return [...nonTeleportationHooks, ...incoming];
     };
 
     // Merge all hook types with warnings about user hooks
@@ -2851,12 +2900,9 @@ async function commandInstallHooks() {
       
       // Find user-defined hooks (not from teleportation)
       const userHooks = existingHooksForType.filter(h => {
-        const commands = (h.hooks || []).map(hh => hh.command || '');
-        return !commands.some(cmd => 
-          cmd.includes('teleportation') || 
-          cmd.includes('.claude/hooks') ||
-          cmd.includes('~/.claude/hooks')
-        );
+        if (!h.hooks || !Array.isArray(h.hooks)) return true;
+        // Keep only hooks that are NOT teleportation hooks
+        return !h.hooks.every(hh => hh.command && isTeleportationHook(hh.command));
       });
       
       if (userHooks.length > 0) {
@@ -2884,9 +2930,43 @@ async function commandInstallHooks() {
     // Write settings
     fs.writeFileSync(globalSettings, JSON.stringify(mergedSettings, null, 2));
     console.log(c.green('  ✅ ~/.claude/settings.json updated\n'));
-  } catch (e) {
-    console.log(c.red(`  ❌ Failed to update settings: ${e.message}\n`));
-    process.exit(1);
+
+    // Deduplicate in fallback path (Gap #2)
+    console.log(c.yellow('  Running deduplication check...\n'));
+    let duplicatesRemoved = 0;
+
+    for (const [hookType, matchers] of Object.entries(mergedSettings.hooks || {})) {
+      if (!Array.isArray(matchers)) continue;
+
+      const seenCommands = new Set();
+      const uniqueMatchers = [];
+
+      for (const matcher of matchers) {
+        const commands = (matcher.hooks || []).map(h => h.command).filter(Boolean);
+        const isUnique = !commands.some(cmd => seenCommands.has(cmd));
+
+        if (isUnique) {
+          uniqueMatchers.push(matcher);
+          commands.forEach(cmd => seenCommands.add(cmd));
+        } else {
+          duplicatesRemoved++;
+        }
+      }
+
+      mergedSettings.hooks[hookType] = uniqueMatchers;
+    }
+
+    if (duplicatesRemoved > 0) {
+      fs.writeFileSync(globalSettings, JSON.stringify(mergedSettings, null, 2));
+      console.log(c.cyan(`  Removed ${duplicatesRemoved} duplicate(s) in fallback\n`));
+    } else {
+      console.log(c.green('  ✅ No duplicates found\n'));
+    }
+    } catch (fallbackErr) {
+      console.log(c.red(`  ❌ Fallback also failed: ${fallbackErr.message}\n`));
+      console.log(c.red('  Please report this issue at: https://github.com/dundas/teleportation-private/issues\n'));
+      process.exit(1);
+    }
   }
 
   // Summary